neox

Nikto Integration into the Metasploit Framework

Metasploit brings a great many basic facilities for testing web applications. For this reason, it is natural to use additional tools for the security screening of web servers and web applications.

---------------------------------------------------------------------------------------

When the results of external tools end up in additional data or documentation stores, the central point that Metasploit's msfconsole and its database support provide is lost. Starting with version 2.1.3, Nikto has an option to share the identified weaknesses and information with Metasploit through the RPC service. This creates a unified logging capability that allows later analysis in Metasploit from one central database.

---------------------------------------------------------------------------------------

root@bt:~# cd /opt/metasploit35-dev/msf3/

root@bt:/opt/metasploit35-dev/msf3# ./msfconsole

__. .__. .__. __.

_____ _____/ |______ ____________ | | ____ |__|/ |_

/ \_/ __ \ __\__ \ / ___/\____ \| | / _ \| \ __\

| Y Y \ ___/| | / __ \_\___ \ | |_> > |_( <_> ) || |

|__|_| /\___ >__| (____ /____ >| __/|____/\____/|__||__|

\/ \/ \/ \/ |__|

=[ metasploit v3.5.1-dev [core:3.5 api:1.0]

+ -- --=[ 322 exploits - 99 auxiliary

+ -- --=[ 217 payloads - 20 encoders - 6 nops

=[ svn r11149 updated today (2010.11.25)

msf > version

Framework: 3.5.1-dev.11003

Console : 3.5.1-dev.11003

msf > load xmlrpc ServerType=Web

[*] XMLRPC Service: 127.0.0.1:55553

[*] XMLRPC Username: msf

[*] XMLRPC Password: HlwLdvKY

[*] XMLRPC Server Type: Web

[*] XMLRPC Web URI: /RPC2

[*] Successfully loaded plugin: xmlrpc

msf > db_driver sqlite3

[*] Using database driver sqlite3

msf > db_connect test-nikto

[-] Note that sqlite is not supported due to numerous issues.

[-] It may work, but don't count on it

[*] Successfully connected to the database

[*] File: test-nikto

---------------------------------------------------------------------------------------

Once the test database has been created and the RPC service started, this should be verified with netstat:

root@bt:~/msf-installers/nikto-2.1.3# netstat -anpt | grep 55553

tcp 0 0 127.0.0.1:55553 0.0.0.0:* LISTEN 21223/ruby

---------------------------------------------------------------------------------------

Once everything is in order, Nikto can be used as follows. The important options are -Format msf and the additional option -o msf:HlwLdvKY@http://localhost:55553/RPC2, which specifies the RPC service:

root@bt:~/msf-installers/nikto-2.1.3# ./nikto.pl -Format msf -o msf:HlwLdvKY@http://localhost:55553/RPC2 -h demo.testfire.net

- Nikto v2.1.3

---------------------------------------------------------------------------

+ Target IP: 65.61.137.117

+ Target Hostname: demo.testfire.net

+ Target Port: 80

+ Start Time: 2010-11-27 10:06:49

---------------------------------------------------------------------------

+ Server: Microsoft-IIS/6.0

+ Retrieved x-powered-by header: ASP.NET

+ Retrieved x-aspnet-version header: 2.0.50727

+ No CGI Directories found (use '-C all' to force check all possible dirs)

+ OSVDB-630: IIS may reveal its internal or real IP in the Location header via a request to the /images directory. The value is "http://192.168.1.120/images/".

+ Microsoft-IIS/6.0 appears to be outdated (4.0 for NT 4, 5.0 for Win2k, current is at least 7.5)

+ Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST

+ Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST

+ OSVDB-3092: /bank/: This might be interesting...

+ OSVDB-3092: /pr/: This might be interesting... potential country code (Puerto Rico)

---------------------------------------------------------------------------------------

After the audit has been carried out, the information is in the database and can be queried in msfconsole with the commands db_vulns, db_notes and db_host:

msf > db_notes

[*] Time: Fri Nov 26 09:06:51 UTC 2010 Note: host=65.61.137.117service=microsoft-iis/6.0 type=nikto.999986 data={"result"=>"", "uri"=>"/ofQywa1R.aspx", "method"=>"GET", "message"=>"Retrieved x-aspnet-version header: 2.0.50727"}

[*] Time: Fri Nov 26 09:07:38 UTC 2010 Note: host=65.61.137.117service=microsoft-iis/6.0 type=nikto.600376 data={"result"=>"", "uri"=>"/", "method"=>"HEAD", "message"=>"Microsoft-IIS/6.0 appears to be outdated (4.0 for NT 4, 5.0 for Win2k, current is at least 7.5)"}

[*] Time: Fri Nov 26 09:07:39 UTC 2010 Note: host=65.61.137.117service=microsoft-iis/6.0 type=nikto.999990 data={"result"=>"", "uri"=>"/", "method"=>"GET", "message"=>"Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST "}

[*] Time: Fri Nov 26 09:07:39 UTC 2010 Note: host=65.61.137.117service=microsoft-iis/6.0 type=nikto.999985 data={"result"=>"", "uri"=>"/", "method"=>"GET", "message"=>"Public HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST "}

<snip>

Sorry for the grammar.
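
The db_notes output shown in the post can be turned into per-host records for triage. The Ruby example below is added here and is not part of the original post or of Metasploit; parse_note and findings_by_host are hypothetical names, and the sample lines are constructed from the output above (the third is made up to exercise escaped quotes).

```ruby
# Added example: turn `db_notes` console lines into structured records.
# parse_note / findings_by_host are hypothetical helpers, not Metasploit API.
NOTE_RE = /
  Time:\s(?<time>.+?)\sNote:\s
  host=(?<host>\d{1,3}(?:\.\d{1,3}){3})\s*   # console may omit the space here
  service=(?<service>\S+)\s
  type=(?<type>\S+)\s
  data=\{(?<data>.*)\}\z
/x
PAIR_RE = /"((?:[^"\\]|\\.)*)"=>"((?:[^"\\]|\\.)*)"/

def parse_note(line)
  m = NOTE_RE.match(line.strip)
  return nil unless m
  # data carries text returned by the scanned server (headers, paths), so it
  # is picked apart with a regex and never handed to eval.
  data = m[:data].scan(PAIR_RE).to_h { |k, v| [k, v.gsub(/\\(.)/) { $1 }] }
  { time: m[:time], host: m[:host], service: m[:service],
    type: m[:type], data: data }
end

# Group parsed notes by host; keep unparsed lines so nothing is dropped silently.
def findings_by_host(lines)
  parsed, skipped = lines.map { |l| [l, parse_note(l)] }.partition { |_, n| n }
  { hosts: parsed.map(&:last).group_by { |n| n[:host] },
    skipped: skipped.map { |l, _| l.strip } }
end

# Constructed sample: two lines modelled on the post, one invented line
# (type nikto.000000) with escaped quotes, and the post's <snip> marker.
SAMPLE = <<~'LOG'.lines
  [*] Time: Fri Nov 26 09:06:51 UTC 2010 Note: host=65.61.137.117service=microsoft-iis/6.0 type=nikto.999986 data={"result"=>"", "uri"=>"/ofQywa1R.aspx", "method"=>"GET", "message"=>"Retrieved x-aspnet-version header: 2.0.50727"}
  [*] Time: Fri Nov 26 09:07:39 UTC 2010 Note: host=65.61.137.117 service=microsoft-iis/6.0 type=nikto.999990 data={"result"=>"", "uri"=>"/", "method"=>"GET", "message"=>"Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD, POST "}
  [*] Time: Fri Nov 26 09:07:40 UTC 2010 Note: host=65.61.137.117 service=microsoft-iis/6.0 type=nikto.000000 data={"result"=>"", "uri"=>"/images", "method"=>"GET", "message"=>"Location header value is \"http://192.168.1.120/images/\"."}
  <snip>
LOG

if __FILE__ == $0
  findings_by_host(SAMPLE)[:hosts].each do |host, notes|
    notes.each do |n|
      puts [host, n[:type], n[:data]["method"], n[:data]["uri"], n[:data]["message"]].join(" | ")
    end
  end
end
```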
